ZTE ZXCLOUD iRAI 代码问题漏洞

The ZTE ZXCLOUD iRAI is a virtualized device from China’s ZTE Corporation. The ZTE ZXCLOUD iRAI has a code vulnerability, which stems from an issue with the openssl.cnf permission escalation. This vulnerability could allow attackers to execute arbitrary code locally and escalate their privileges...

ZTE PROCESS Guard 安全漏洞

ZTE PROCESS Guard is a process security protection and monitoring software developed by ZTE Corporation. ZTE PROCESS Guard has a security vulnerability that may lead to arbitrary code execution on the local level, privilege escalation, and path traversal bypasses...

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

PT-2026-37228

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description Several ProcessServer handlers, specifically KillAllHandler, SuspendAllHandler, and RunSandboxedHandler, copy a boxname field from request structures into stack buffers using wcscpy without...

CVE-2026-36365

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

caesium-image-compressor 命令注入漏洞

Caesium-image-compressor is a image compression tool developed by Matteo Paonessa, which supports JPG, PNG, and WebP formats. Caesium-image-compressor has a command injection vulnerability, which stems from issues with the shutdownMachine and putMachineToSleep functions in...

CVE-2026-36365

CVE-2026-36365 concerns Lymphatus caesium-image-compressor (all versions up to commit 02da2c6). The issue allows a local attacker to execute arbitrary code via the functions shutdownMachine and putMachineToSleep in PostCompressionActions.cpp. CVSS 3.1 base score 7.8 (High): Local attacker with lo...

Astra Linux - уязвимость в linux

It was discovered that the eBPF implementation in the Linux kernel failed to properly track bound information for 32-bit registers when performing division and modulo operations. A local attacker could use this vulnerability to potentially execute arbitrary code...

Astra Linux – Vulnerability in assimp

A vulnerability exists in assimp v.5.4.3, allowing a local attacker to execute arbitrary code through the CallbackToLogRedirector function within the Assimp library...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

The “Use After Free” vulnerability in the Linux kernel allows for the execution of code in a local environment on Linux, x86, and ARM bluetooth modules. This vulnerability is associated with program files located at https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C...

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

CVE-2018-25314

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVE-2018-25303

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input string with 780 bytes of junk...

CVE-2018-25301

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

CVE-2018-25315

Alloksoft Video joiner 4.6.1217 contains a local buffer overflow vulnerability in the License Name input that can lead to arbitrary code execution via SEH overwrite when processing license registration. Affected component: License handling in the application; root cause: buffer overflow in licens...

CVE-2018-25315 Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler SEH overwrite and shellcode to achieve code...

CVE-2018-25315 Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler SEH overwrite and shellcode to achieve code...

CVE-2018-25315

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler SEH overwrite and shellcode to achieve code...

CVE-2018-25314

CVE-2018-25314 affects Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217, where a buffer overflow in the License Name field allows local attackers to execute arbitrary code via input containing shellcode with an SEH overwrite, potentially gaining application-privilege execution. The NVD/CVE r...

CVE-2018-25314 Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...